package com.projectpractice.config;


import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.projectpractice.bean.UserRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author TangLuJie
 * @date 2020/7/5 19:26
 */
@Configuration
public class ShiroConfig {
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("SecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        //内置过滤器
        /*
            anno:无需认证可访问
            authc:必须认真才能访问
            user:
            perms:设置资源拦截
            role:拥有某个角色权限
         */
        //设置授权
        Map<String, String> filterChainDefinitionMap=new LinkedHashMap<>();
        //设置拦截 user拦截：用户验证通过或记住我  authc：通过login登录的才行
        //filterChainDefinitionMap.put("/toRegister","anno");
        //filterChainDefinitionMap.put("/","anno");
        //设置更多权限拦截
        //filterChainDefinitionMap.put("/user/add","perms[student]");
        //filterChainDefinitionMap.put("/user/update","perms[student]");
        //配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了，登出后跳转配置的loginUrl
        filterChainDefinitionMap.put("/logout", "logout");
        // 配置不会被拦截的链接 顺序判断
        filterChainDefinitionMap.put("/user/toRegist", "anon");
        filterChainDefinitionMap.put("/index/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        //设置没有权限时的登录页
        shiroFilterFactoryBean.setLoginUrl("/user/toLogin");
        //设置未授权时的跳转页面
        shiroFilterFactoryBean.setUnauthorizedUrl("/user/toLogin");


        return shiroFilterFactoryBean;
    }

    @Bean(name = "SecurityManager")
    public DefaultWebSecurityManager getSecurityManager(UserRealm userRealm, CookieRememberMeManager cookieRememberMeManager){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRememberMeManager(cookieRememberMeManager);

        securityManager.setRealm(userRealm());
        return securityManager;
    }

    //cookieRememberMeManager管理cookie 并传入上面的SecurityManager
    @Bean
    public CookieRememberMeManager cookieRememberMeManager(){
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        SimpleCookie simpleCookie = new SimpleCookie("remember-Me");
        simpleCookie.setHttpOnly(true);
        simpleCookie.setMaxAge(Cookie.ONE_YEAR);
        cookieRememberMeManager.setCookie(simpleCookie);
        return cookieRememberMeManager;
    }

    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }

    //
    @Bean
    public ShiroDialect shiroDialect(){
        return new ShiroDialect();
    }
}
